Platform
Packages
- SOLUTIONS
- INDUSTRIES
Products
Company
Contact Us
This Privacy Policy (“Policy”) explains how Human Security, Inc., including its subsidiaries listed in Section 3 below (collectively, “HUMAN,” “we,” “us,” “our”), collects, uses, and discloses information through our website, online communications, other online platforms, and our products, services and reporting platforms (collectively, the “Services”). The Policy is divided into two sections:
This Policy applies to the following subsidiaries of Human Security, Inc.: Human Security, Inc., Human Security UK, Ltd., PerimeterX, Inc., Perimeter X Ltd., Human Security Canada, Inc.
HUMAN complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. HUMAN has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. HUMAN has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. In the context of an onward transfer, HUMAN has responsibility for the processing of personal data it receives under the DPF and subsequently transfers to a third party acting as an agent on our behalf. HUMAN remains liable under the DPF if our agent processes such personal information in a manner inconsistent with the DPF, unless HUMAN can prove that we are not responsible for the event giving rise to the damage. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
The Federal Trade Commission has jurisdiction over HUMAN’s compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. In certain situations, HUMAN may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
HUMAN is an approved vendor on the Global Vendor List (GVL) and meets criteria for both TCF V2.0 Operational status and V2.2 Operational status, which signifies that we adhere to the principles and guidelines outlined by the Transparency and Consent Framework (TCF).
Please read this Policy carefully so that you understand our information practices. If you do not agree with the terms of this Policy, please do not use the Services. If you have any questions about this Privacy Notice, please contact us at privacy@humansecurity.com.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, HUMAN commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF to TRUSTe, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://feedback-form.truste.com/watchdog/request for more information or to file a complaint. The services of TRUSTe are provided at no cost to you. You have the possibility,
under certain conditions, to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other mechanisms set out in this Policy. For more information, please visit the official DPF website.
We reserve the right to change this Policy at any time to reflect changes in the law, our data collection, use and disclosure practices, the features of our Services, or advances in technology. Please check this page periodically for changes. Your continued use of the Services following the posting of changes to this Policy will be deemed to mean you understand the applicability of those changes.
For your convenience, links to each section of the Policy is as follows:
SECTION 3: CONTACT INFORMATION
SECTION 1: CONTROLLER DATA
1. INFORMATION WE COLLECT
We collect information in multiple ways, including when you provide information directly to us, and when we passively collect information from you, such as information collected from your browser or device that you use to access the Site.
A. Information You Provide Directly to Us
When you browse our Site or otherwise interact with us, you may provide us information directly, including:
We may automatically collect certain information about the computer or devices (including mobile devices) you use to access the Services, such as (a) IP addresses, unique device identifiers and other information about your computer or mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (b) information related to the ways in which you interact with the Services, such as: referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages and content viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, the frequency of your use of the Services, error logs, and other similar information. As described further below, we may use third-party analytics providers and technologies, including cookies and similar tools, to assist in collecting this information.
We also automatically collect data when you engage in a transaction with us, such as a transaction ID, purchase date and time, and transaction amount.
(ii) Location Information
We may automatically collect location information, including general location information (e.g., city, state and zip code) derived from your IP address or other information associated with your device.
(iii) Cookies and Other Electronic Technologies
Some parts of the Services may use cookies and similar technologies, such as web server logs, beacons, and tracking pixels. A cookie is a small text file that is placed on your computer when you visit a website, that enables us to: (i) recognize your computer; (ii) store your preferences and settings; (iii) understand what pages on the Website you have visited; (iv) enhance your user experience by delivering content specific to your interests; (v) perform searches and analytics; and (vi) assist with security administrative functions. Cookies are placed in your browser cache, while tracking pixels (sometimes referred to as “web beacons” or “clear GIFs”) are electronic tags with a unique identifier embedded in websites, online ads and/or email, and are designed to provide usage information like ad impressions or clicks, measure popularity of the Services and associated advertising, and access user cookies. We may also use these automated technologies to collect and analyze other information related to the devices you use to access the Services, such as IP addresses, browser types, browser language, operating system used, the domain name of your Internet service provider, unique device identifiers, and other information about your devices used to access the Website. These automated technologies may also collect information on the websites you have visited before and after you visit the Website, and the advertisements you have accessed, seen, forwarded, and/or clicked on when using the Website or other sites. We or third-party technologies we use may place or recognize a unique cookie on your browser to enable you to receive customized content, offers, services or advertisements on our websites or other sites. We use cookies in the Product to maintain authenticated access and user sessions. We also use cookies to ensure authorized access to client-specific secure content and reports. As we adopt additional technologies, we may also gather additional information through other methods.
Please note that you can change your settings to notify you when a cookie is being set or updated, or to block cookies altogether. Please consult the "Help" section of your browser for more information (e.g., Microsoft Edge, Google Chrome, Mozilla Firefox, or Apple Safari). Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Website.
Please note that by blocking any or all cookies, you may not have access to certain features or offerings of the Website.
We use third parties to assist us in serving advertisements, tracking site usage statistics, and providing content-sharing services to support the Services. These third parties may also use cookies and similar technologies to collect similar information about your use of the Website. We do not control these third-party technologies, and their use of your information is governed by those parties' privacy policies. For more information about how to opt out of these third parties’ use of your information, please see Section 6 below.
C. Information Collected from Other Sources
We may receive information from third-party partners or clients in our capacity as a Controller to enhance our Product (“Partner Information”). We use such information within the scope of our authorization to do so and in accordance with our commitments under applicable law.
2. HOW WE USE YOUR INFORMATION
We may use the information we collect for the following purposes:
We may also combine information that we collect from you with information we obtain about you from third parties. We may aggregate and/or de-identify any information collected through the Services. We may use de-identified and/or aggregated data for any purpose, including without limitation for research and marketing purposes, and may also disclose such data to any third parties.
3. WHEN WE DISCLOSE YOUR INFORMATION
We may disclose your information to parties outside of Human under the following circumstances:
4. OUR LEGAL BASES FOR PROCESSING YOUR PERSONAL DATA
The laws in some jurisdictions require companies to tell you about the legal grounds they rely on to use or disclose your “personal data” as such term is defined under applicable law. To the extent that those laws apply, our legal grounds are as follows:
5. INTERNATIONAL USERS
The Services are operated in the United States and are governed by United States law. If you are a resident of the European Economic Area or other location outside the United States, please be advised that any information you provide through the Services will be transferred to the United States or other designated locations outside of the United States for certain processing/hosting operations. When we transfer your information internationally, we take legally-required steps to protect your information in accordance with this Privacy Policy and applicable laws. These measures may include implementing Standard Contractual Clauses to govern the transfer of your information, or other means recognized by applicable laws. By providing us with your information, you acknowledge any such transfer, storage, or processing.
6. ONLINE ANALYTICS AND ADVERTISING
We do not serve third-party advertisements to you while using our Services. However, we do work with online analytics and advertising partners to: (1) better understand the use of our Services so that we can improve our Services; and (2) deliver advertisements for the Services that are more tailored to you both on our Services and on third-party Services.
Our partners may also place cookies, pixel tags and similar technologies on many online services, including ours. They use these technologies to collect information about your activities on these services in order to deliver you more relevant advertising. For example, they may use the information they collect from their cookies on our Services to identify products and services you might be interested in and to recognize your device so they can show you relevant advertisements on other services.
We neither have access to, nor does this Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device you use to access the Services by non-affiliated, third-party ad technology, ad servers, ad networks or any other non-affiliated third parties. Those parties that use these technologies may offer you a way to opt out of ad targeting as described below. If you are interested in more information about tailored browser advertising and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link or the Digital Advertising Alliance’s Consumer Opt-Out link to opt-out of receiving tailored advertising from companies that participate in those programs. You may also use the links available in advertisements that appear in the Services and learn more about our advertising practices through the “About Our Ads” link available through the Services.
Please note that you may still receive advertisements even if you opt out of tailored advertising. In that case, the ads will just not be tailored. Also, we do not control any of the above opt-out links and are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.
7. YOUR DATA RIGHTS AND CHOICES
A. Marketing Communications
You can unsubscribe from marketing emails we send to you by clicking the “unsubscribe” link they contain. Please note that even though you may opt-out of receiving marketing-related communications from us, we may still send you important administrative and transactional messages.
B. Rights Regarding Your Information
Depending on your jurisdiction, you may have the right, in accordance with applicable data protection laws, to make requests related to your “personal information” or “personal data” (as such terms are defined under applicable law, and collectively referred to herein as “personal information”). Specifically, you may have the right to ask us to:
Please note that certain information may be exempt from such requests under applicable law. For example, we need certain information in order to provide the Services to you.
You may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising” as described below. If you are a California resident, please see the “Notice to California Residents” in Section 8 below for more information about our privacy practices and your rights.
As provided in applicable law, you also have the right to not be discriminated against for exercising your rights. Please note that certain information may be exempt from such requests under applicable law. For example, we need to retain certain information in order to provide our services to you. We also need to take reasonable steps to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name and email address. If we are unable to verify you, we may be unable to respond to your requests.
To exercise any of these rights, you may email us at Privacy@humansecurity.com with your name and type of request you are making.
You may be able to designate an authorized agent to make requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.
Depending on applicable law, you may have the right to appeal our decision to deny your request, if applicable. We will provide information about how to exercise that right in our response denying the request. You also have the right to lodge a complaint with a supervisory authority.
C. Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes
Depending on your jurisdiction, you may also have the right to opt out of “sales” of your information and “sharing/processing of your information for targeted advertising.”
As explained in the “When We Disclose Your Information” and “Online Analytics and Advertising” sections above, we sometimes disclose information to unaffiliated third parties we collaborate with or that provide offers that we think may be of value to you. We also provide information to third-party advertising providers for targeted advertising purposes or use advertising analytics partners to assist us in analyzing use of our services and our user/customer base. Under applicable law, the disclosure of your personal information to these third parties to assist us in providing these services may be considered a “sale” of personal information or the processing/sharing of personal information for targeted advertising purposes.
If you would like to opt out of the disclosure of your personal information for purposes that could be considered “sales” for those third parties' own commercial purposes, or “sharing” or processing for purposes of targeted advertising, please visit the following link, which is also available in the footer of our Site: "Do Not Sell or Share My Personal Information". Note that you will need to opt out on each device you use to access the Services.
Depending on your jurisdiction, you may be permitted to designate an authorized agent to submit such requests on your behalf. Please note that we do not knowingly sell the personal information of minors under 16 years of age.
8. NOTICE TO CALIFORNIA RESIDENTS
If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and disclose your “personal information” as defined in the California Consumer Privacy Act (“CCPA”).
We describe the categories of information we collect, our business purposes for collecting such information, the sources and uses of such information and the entities with which we disclose such information in the “Information We Collect”, “How We Use Your Information,” and “When We Disclose Your Information” sections of this Privacy Policy. We provide additional information required by the CCPA below.
A. Categories of Personal Information we collect, use and disclose
Throughout this Policy, we discuss in detail the types of Information we collect from and about users and discuss how we use and disclose such information. The following are the “categories” of personal information under the CCPA that we collect from California consumers and that we may, as discussed throughout this Policy, use and disclose for our business purposes:
Identifiers (such as name, address, email address, and username and password); commercial information (such as transaction data); financial data (such as credit card information processed by our payment processor); device identifiers (such as IP address and unique device identifiers); internet or other network or device activity (such as browsing history); general geolocation data derived from IP addresses; any user-generated content or feedback that you provide; professional or employment related data.
B. How we use these categories of personal information
We and our service providers may use the categories of personal information we collect from and about you for the following business and commercial purposes (as those terms are defined in applicable law).
Examples of these types of uses are discussed in the “How We Use Your Information” section of our Privacy Policy. We may also use the categories of personal information for compliance with applicable laws and regulations, and we may combine the information we collect (“aggregate”) or remove pieces of information (“de-identify”) to limit or prevent identification of any user or device. We may also disclose this information to third parties for legal, compliance or security purposes, or in connection with a business transfer, as described further in “When We Disclose Your Information” above.
C. Sale/Sharing of Personal Information
The CCPA sets forth certain obligations for businesses that “sell” personal information or “share” personal information for cross-context behavioral advertising purposes. Under the CCPA, “sale” and “sharing” are defined such that they may include allowing third parties to receive certain information for advertising purposes. We “sell” or “share” the following categories of information to third-party advertising partners and vendors that support our advertising efforts (such as advertising analytics services):
Identifiers (such as name, address, email address); commercial information (such as transaction data); internet or other network or device activity (such as browsing history and usage information).
If you would like to opt out of our use of your information for such purposes that are considered a “sale” or “sharing” for cross-context behavioral advertising purposes under California law, please see the instructions provided in Section 1.7.C (Notice of Right to Opt Out of Sales of Personal Information and Processing/Sharing of Personal Information for Targeted Advertising Purposes) of the Privacy Policy above.
Please note, in the limited circumstances that we process sensitive personal information (such as usernames in combination with passwords) as defined in the CCPA, we do not use or disclose it other than for disclosed and permitted business purposes for which there is not a right to limit under the CCPA.
D. Additional Privacy Rights
California residents may make certain requests about their personal information under the CCPA as set forth in Section 1.7.B (Rights Regarding Your Information) above.
E. Shine the Light
California Law permits California residents to request certain information once per year regarding our disclosure of “personal information” (as that term is defined under applicable California law) to third parties for such third parties’ direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes.
F. Do Not Track
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. DNT is a way for users to inform websites and services that they do not want certain information about their webpage visits collected over time and across websites or online services. Except as otherwise described herein with respect to legally required browser based opt outs, we do not recognize or respond to browser-initiated DNT signals, as there is no industry-wide framework for DNT signals. To learn more about Do Not Track, you can do so here.
9. SECURITY AND RETENTION OF YOUR INFORMATION
We have implemented administrative, technical, and physical security measures to protect against the loss, misuse and/or alteration of your information. These safeguards vary based on the sensitivity of the information that we collect and store. However, we cannot and do not guarantee that these measures will prevent every unauthorized attempt to access, use, or disclose your information since despite our efforts, no Internet and/or other electronic transmissions can be completely secure.
We generally retain personal data for so long as it may be relevant to the purposes above. In determining how long to retain information, we consider the amount, nature and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of the information, the purposes for which we process the information, applicable legal requirements, and our legitimate interests. The purposes for which we process information (as well as the other factors listed above) may dictate different retention periods for the same types of information. For example, we retain a record of your purchase of a Product subscription for the duration of your subscription and for an additional period of time after that for our legitimate interests and for our fraud and legal compliance purposes. If you opt out of email marketing, we maintain your email on our suppression list for an extended time to comply with your request. To dispose of your information, we may anonymize it, delete it or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for additional time.
10. INFORMATION FROM CHILDREN
The Services are not directed to children under the age of 16. If we discover we have received any “personal information” (as defined under the Children’s Online Privacy Protection Act) from a child under the age of 13 in violation of this Policy, we will take reasonable steps to delete that information as quickly as possible. If you believe we have any information from or about anyone under the age of 16, please contact us at the address listed below.
For residents of the European Economic Area, where processing of personal information is based on consent, we will not knowingly engage in that processing for users under the age of consent established by applicable data protection law. If we learn that we are engaged in that processing with such users, we will halt such processing and will take reasonable measures to promptly remove applicable information from our records.
SECTION 2: PROCESSOR DATA
HUMAN provides cutting-edge anti-fraud solutions across a spectrum of industries from advertising to eCommerce to Big Data and Enterprise Business. Our Product includes, at our customers’ option: a client-side Detection Tag, a server-side integration, and a service to consume logs, that each collect behavioral and technical risk signals on a per-session and per-device level to determine whether activity is a human or non-human, as well as whether the activity represents a high risk of fraud. We process the data we collect from customers (Processor Data) to provide the Product in our capacity as a “processor” or “service provider,” as those terms are defined in applicable data protection law. As such, our collection, use, and disclosure of such information is governed by our contracts with our customers, but for transparency, we summarize these practices below.
1. INFORMATION WE COLLECT
HUMAN uses various technologies, as described in detail in Section 1.1.B (Information That is Passively and/or Automatically Collected) above, to collect data in order to deliver the Product to our customers. The Product uses JavaScript and/or pixels that place a small piece of HTML code either on a webpage, across a domain, or at the server level, to collect information about web or mobile app visits. This information is used to provide the Product. The types of data we collect using this technology include:
Additionally, our customers can, at their option, pass parameters and information from integrated third-party web services to HUMAN for reporting, such as campaign ID, account ID, placement ID, and ad ID. Some web services offer macros that allow these types of identifiers to be passed to other companies. Customers may elect to have these identifiers passed to HUMAN for reporting on non-human activity and other fraud behaviors.
2. USE AND DISCLOSURE OF INFORMATION
We use and disclose Processor Data in order to provide the Product, consistent with our customer agreements. Processor Data may be integrated into the Product and shared with other clients to enhance the Product’s anti-fraud functionality. The primary means by which we provide information to our customers is in aggregated reports provided as part of the Product, including but not limited to our customer dashboard, which is access-controlled. However, certain identifiers contained in Processor Data may be provided to government entities without attribution to any specific customer for the agencies’ anti-fraud and intelligence purposes.
We may also use Processor Data to ensure the security of the Product and for analytics (e.g., to detect behavior patterns in order to enhance the Product). We may also aggregate Processor Data for general corporate marketing and industry benchmarking purposes. Processor Data may be disclosed to our service providers, as required by law or legal process, and to a third party in the event of a business reorganization, merger, sale, joint venture, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings).
SECTION 3: CONTACT INFORMATION
When you contact us, please indicate in which country and/or state you reside.
Human Security, Inc.
841 Broadway
New York, NY 10003
Attn: Data Protection Officer
privacy@humansecurity.com
Human Security UK, Ltd.
3rd Floor, 1 Ashley Road
Altrincham, Cheshire, WA14 2DT
Attn: Data Protection Officer
privacy@humansecurity.com
PerimeterX, Inc.
Attn: Data Protection Officer
privacy@humansecurity.com
Perimeter X Ltd.
Attn: Data Protection Officer
privacy@humansecurity.com
Human Security Canada, Inc.
Attn: Data Protection Officer
privacy@humansecurity.com